Privacy Policy

Effective date: 2026-03-05

Article 1 (Purpose)

Yeongwon (hereinafter "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect users' personal information and to handle related grievances promptly and smoothly.

Article 2 (Personal Information Collected)

  1. Upon registration: Email address, password (stored encrypted)
  2. Upon subscription payment: Payment method information (card information is managed by the PG provider; the Company only stores encrypted billing keys)
  3. Automatically collected during service use: IP address, access logs, cookies, browser information, API usage records
  4. Upon customer inquiry: Name, email, inquiry details

Article 3 (Purpose of Use)

  1. Service provision and account management: User identification, authentication, service access management
  2. Subscription payment processing: Billing, payment confirmation, refund processing
  3. Service improvement: Usage statistics analysis, service quality enhancement
  4. Customer support: Inquiry response, announcements, technical support
  5. Security and fraud prevention: Anomalous access detection, terms violation verification

Article 4 (Retention and Destruction)

  1. Account information: Retained until account deletion, destroyed within 30 days after deletion.
  2. Payment records: Retained for 5 years in accordance with the Electronic Commerce Act.
  3. Access logs: Retained for 3 months in accordance with the Protection of Communications Secrets Act.
  4. Personal information is destroyed without delay when the retention period expires or the processing purpose is achieved.

Article 5 (Third-Party Disclosure)

The Company does not, in principle, provide users' personal information to third parties. However, exceptions are made in the following cases.

  1. When the user has given prior consent
  2. When required by law or requested by investigative authorities through legally prescribed procedures and methods

Article 6 (Processing Delegation)

The Company delegates personal information processing to the following parties for service provision.

  1. Amazon Web Services (AWS): Data storage and cloud infrastructure operation
  2. Vercel: Web application hosting
  3. TossPayments / Polar: Payment processing
  4. Resend: Email delivery

Article 7 (User Rights)

  1. Users may request access, correction, deletion, or suspension of processing of their personal information at any time.
  2. Users may modify their information directly in the account settings or by emailing software@01.works.
  3. All personal information is destroyed within 30 days upon account deletion.

Article 8 (Cookies)

  1. The Company uses cookies (payload-token) to maintain authentication sessions.
  2. Users may refuse cookies through browser settings, but this may limit service usage.
  3. Vercel Analytics is used for service improvement and does not collect personally identifiable information.

Article 9 (Security Measures)

  1. Passwords are encrypted and stored using the asynchronous scrypt algorithm.
  2. Sensitive payment information (billing keys) is encrypted with AES-256-GCM.
  3. HTTPS (TLS) encryption is applied for data in transit.
  4. Access privileges are minimized with role-based access control (RBAC).
  5. Account lockout policy (15-minute lock after 5 failed login attempts) prevents unauthorized access.

Article 10 (Privacy Officer)

  1. Privacy Officer: Donghyuk Kang (CEO)
  2. Contact: software@01.works
  3. Privacy violation reports: KISA Privacy Center (privacy.kisa.or.kr, 118)
  4. Privacy dispute mediation: Personal Information Dispute Mediation Committee (www.kopico.go.kr, 1833-6972)

Article 11 (Policy Changes)

This Privacy Policy may be amended due to changes in applicable laws or Company policies. Users will be notified in advance via in-service notice or email.